Electronic device operating encryption for user data

ABSTRACT

An electronic device includes a memory and a processor. The memory includes a data partition, a key storage partition, and a key backup partition. The processor operatively connected to the memory. The processor is configured to generate an encryption key with respect to at least one data folder generated in the data partition to store the encryption key in the key storage partition. The processor is also configured to store a backup encryption key equal to the encryption key, in the key backup partition. The processor is further configured to store an integrity file including a checksum of the encryption key in the key backup partition.

CROSS-REFERENCE TO RELATED APPLICATION

This application is based on and claims priority under 35 U.S.C. § 119to Korean Patent Application No. 10-2019-0096266, filed on Aug. 7, 2019,in the Korean Intellectual Property Office, the disclosure of which isincorporated by reference herein its entirety.

BACKGROUND 1. Field

The disclosure relates to an encryption technology used in an electronicdevice.

2. Description of Related Art

Electronic devices such as a smartphone have been used to be closelyrelated to users. As electronic devices personally employed by usershave been widely distributed and used, personal information oruser-related information of users stored in the electronic devices hasbeen also increasing. Accordingly, an encryption technology is beingused to protect data recorded and stored in an electronic device fromhacking.

The above information is presented as background information only toassist with an understanding of the disclosure. No determination hasbeen made, and no assertion is made, as to whether any of the abovemight be applicable as prior art with regard to the disclosure.

SUMMARY

An electronic device may divide and manage the data partition (e.g.,/data) into a plurality of regions (or folders) (e.g., non-encrypted(NE), global device encrypted (DE), user DE, credential encrypted (userCE)). The conventional electronic device has generated an encryption keyfor each of the plurality of region, and has stored the generatedencryption key together with user data in a data partition. However, theuser data in the data partition may be frequently input and output, andthus the encryption key is also likely to be corrupted when there is aproblem in the data partition. Besides, when the encryption key ischanged by changing the user data, the overwriting of the encryption keymay fail due to the corruption of the data partition. All user dataencrypted with the encryption key may not be used when the encryptionkey is corrupted. In the meantime, the conventional recovery method iscopying and recovering the user data itself backed up by a user'sselection or storing the checksum for the user data, identifying theintegrity of the user data itself, and recovering the user data for eachuser data file, not recovering the encryption key. Accordingly, it maytake a lot of time to recover the user data.

Aspects of the disclosure are to address at least the above-mentionedproblems and/or disadvantages and to provide at least the advantagesdescribed below. Accordingly, an aspect of the disclosure is to providean electronic device that stores encryption keys corresponding to aplurality of regions included in a data partition in a key storagepartition different from the data partition.

Furthermore, an aspect of the disclosure is to provide an electronicdevice that backs up encryption keys stored in a key storage partitionin a key backup partition and stores an integrity file obtained byre-encrypting the encryption keys in the key backup partition.

Besides, an aspect of the disclosure is to provide an electronic devicethat may use a backup encryption key stored in the key backup partitionwhen failing to load an encryption key due to a file system error.

Also, an aspect of the disclosure is to provide an electronic devicethat may use a backup encryption key stored in a key backup partitionwhen the region where the encryption key of a memory is stored isdamaged physically.

In accordance with an aspect of the disclosure, an electronic device mayinclude a memory in which a region is divided by a data partition, a keystorage partition, and a key backup partition and a processoroperatively connected to the memory. The processor may be configured togenerate an encryption key with respect to at least one data foldergenerated in the data partition to store the encryption key in the keystorage partition, to store a backup encryption key equal to theencryption key, in the key backup partition, and to store an integrityfile including a checksum of the encryption key in the key backuppartition.

In accordance with another aspect of the disclosure, an electronicdevice may include a memory in which a region is divided by a datapartition, a key storage partition, and a key backup partition and aprocessor operatively connected to the memory. The data partition mayinclude a first data folder in which files associated with driving ofthe electronic device are stored and a second data folder in which filesassociated with a user are stored. The processor may be configured, at afirst boot time, to generate a first encryption key corresponding to thefirst data folder to store the first encryption key in a first keystorage folder of the key storage partition, to store a first integrityfile including a checksum calculated based on the first encryption key,in a first key backup folder of the key backup partition, at the firstboot time or when users are switched, to generate a second encryptionkey corresponding to the second data folder to store the secondencryption key in a second key storage folder of the key storagepartition, and to store a second integrity file including a checksumcalculated based on the second encryption key, in a second key backupfolder of the key backup partition.

Other aspects, advantages, and salient features of the disclosure willbecome apparent to those skilled in the art from the following detaileddescription, which, taken in conjunction with the annexed drawings,discloses various embodiments of the disclosure.

Before undertaking the DETAILED DESCRIPTION below, it may beadvantageous to set forth definitions of certain words and phrases usedthroughout this patent document: the terms “include” and “comprise,” aswell as derivatives thereof, mean inclusion without limitation; the term“or,” is inclusive, meaning and/or; the phrases “associated with” and“associated therewith,” as well as derivatives thereof, may mean toinclude, be included within, interconnect with, contain, be containedwithin, connect to or with, couple to or with, be communicable with,cooperate with, interleave, juxtapose, be proximate to, be bound to orwith, have, have a property of, or the like; and the term “controller”means any device, system or part thereof that controls at least oneoperation, such a device may be implemented in hardware, firmware orsoftware, or some combination of at least two of the same. It should benoted that the functionality associated with any particular controllermay be centralized or distributed, whether locally or remotely.

Moreover, various functions described below can be implemented orsupported by one or more computer programs, each of which is formed fromcomputer readable program code and embodied in a computer readablemedium. The terms “application” and “program” refer to one or morecomputer programs, software components, sets of instructions,procedures, functions, objects, classes, instances, related data, or aportion thereof adapted for implementation in a suitable computerreadable program code. The phrase “computer readable program code”includes any type of computer code, including source code, object code,and executable code. The phrase “computer readable medium” includes anytype of medium capable of being accessed by a computer, such as readonly memory (ROM), random access memory (RAM), a hard disk drive, acompact disc (CD), a digital video disc (DVD), or any other type ofmemory. A “non-transitory” computer readable medium excludes wired,wireless, optical, or other communication links that transporttransitory electrical or other signals. A non-transitory computerreadable medium includes media where data can be permanently stored andmedia where data can be stored and later overwritten, such as arewritable optical disc or an erasable memory device.

Definitions for certain words and phrases are provided throughout thispatent document, those of ordinary skill in the art should understandthat in many, if not most instances, such definitions apply to prior, aswell as future uses of such defined words and phrases.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other aspects, features, and advantages of certainembodiments of the disclosure will be more apparent from the followingdescription taken in conjunction with the accompanying drawings, inwhich:

FIG. 1 is a block diagram illustrating an electronic device in a networkenvironment according to various embodiments;

FIG. 2A is a diagram illustrating a configuration of partitions includedin a memory of an electronic device according to an embodiment;

FIG. 2B is a diagram illustrating components included in a processor ofan electronic device according to an embodiment;

FIG. 3 is a diagram illustrating an example of folders included inpartitions of FIG. 2A;

FIG. 4 is a diagram illustrating an example of files included in a firstkey storage folder and a first key backup folder corresponding to thefirst data folder of FIG. 3;

FIG. 5A is a diagram illustrating an example of a process in which thefirst integrity file of FIG. 4 is generated;

FIG. 5B is a diagram illustrating another example of a process in whichthe first integrity file of FIG. 4 is generated;

FIG. 6 is a flowchart illustrating a boot operation of an electronicdevice according to an embodiment;

FIG. 7 is a flowchart illustrating an example of an operation ofgenerating a key storage folder and a key backup folder corresponding toA1 and A2 of FIG. 6;

FIG. 8 is a flowchart illustrating an example of an integrityverification operation of a first encryption key corresponding to B1 andB2 of FIG. 6;

FIG. 9 is a flowchart illustrating an example of an integrityverification operation of a second encryption key corresponding to C1and C2 of FIG. 6;

FIG. 10 is a flowchart illustrating an example of an integrityverification operation of a third encryption key corresponding to D1 andD2 of FIG. 6;

FIG. 11 is a flowchart illustrating a method of determining integrity ofa current encryption key of an electronic device according to anembodiment;

FIG. 12 is a flowchart illustrating a method of determining whether acurrent encryption key of an electronic device is recoverable, accordingto an embodiment;

FIG. 13 is a flowchart illustrating a user switching operation of anelectronic device according to an embodiment; and

FIG. 14 is a flowchart illustrating an example of an operation ofgenerating a key storage folder and a key backup folder corresponding toA3 and A4 of FIG. 13.

DETAILED DESCRIPTION

FIGS. 1 through 14, discussed below, and the various embodiments used todescribe the principles of the present disclosure in this patentdocument are by way of illustration only and should not be construed inany way to limit the scope of the disclosure. Those skilled in the artwill understand that the principles of the present disclosure may beimplemented in any suitably arranged system or device.

Hereinafter, various embodiments of the disclosure may be described withreference to accompanying drawings. Accordingly, those of ordinary skillin the art will recognize that modification, equivalent, and/oralternative on the various embodiments described herein can be variouslymade without departing from the scope and spirit of the disclosure.

FIG. 1 is a block diagram illustrating an electronic device 101 in anetwork environment 100 according to various embodiments. Referring toFIG. 1, the electronic device 101 in the network environment 100 maycommunicate with an electronic device 102 via a first network 198 (e.g.,a short-range wireless communication network), or an electronic device104 or a server 108 via a second network 199 (e.g., a long-rangewireless communication network). According to an embodiment, theelectronic device 101 may communicate with the electronic device 104 viathe server 108. According to an embodiment, the electronic device 101may include a processor 120, memory 130, an input device 150, a soundoutput device 155, a display device 160, an audio module 170, a sensormodule 176, an interface 177, a haptic module 179, a camera module 180,a power management module 188, a battery 189, a communication module190, a subscriber identification module (SIM) 196, or an antenna module197. In some embodiments, at least one (e.g., the display device 160 orthe camera module 180) of the components may be omitted from theelectronic device 101, or one or more other components may be added inthe electronic device 101. In some embodiments, some of the componentsmay be implemented as single integrated circuitry. For example, thesensor module 176 (e.g., a fingerprint sensor, an iris sensor, or anilluminance sensor) may be implemented as embedded in the display device160 (e.g., a display).

The processor 120 may execute, for example, software (e.g., a program140) to control at least one other component (e.g., a hardware orsoftware component) of the electronic device 101 coupled with theprocessor 120, and may perform various data processing or computation.According to one embodiment, as at least part of the data processing orcomputation, the processor 120 may load a command or data received fromanother component (e.g., the sensor module 176 or the communicationmodule 190) in volatile memory 132, process the command or the datastored in the volatile memory 132, and store resulting data innon-volatile memory 134. According to an embodiment, the processor 120may include a main processor 121 (e.g., a central processing unit (CPU)or an application processor (AP)), and an auxiliary processor 123 (e.g.,a graphics processing unit (GPU), an image signal processor (ISP), asensor hub processor, or a communication processor (CP)) that isoperable independently from, or in conjunction with, the main processor121. Additionally or alternatively, the auxiliary processor 123 may beadapted to consume less power than the main processor 121, or to bespecific to a specified function. The auxiliary processor 123 may beimplemented as separate from, or as part of the main processor 121.

The auxiliary processor 123 may control at least some of functions orstates related to at least one component (e.g., the display device 160,the sensor module 176, or the communication module 190) among thecomponents of the electronic device 101, instead of the main processor121 while the main processor 121 is in an inactive (e.g., sleep) state,or together with the main processor 121 while the main processor 121 isin an active state (e.g., executing an application). According to anembodiment, the auxiliary processor 123 (e.g., an image signal processoror a communication processor) may be implemented as part of anothercomponent (e.g., the camera module 180 or the communication module 190)functionally related to the auxiliary processor 123.

The memory 130 may store various data used by at least one component(e.g., the processor 120 or the sensor module 176) of the electronicdevice 101. The various data may include, for example, software (e.g.,the program 140) and input data or output data for a command relatedthereto. The memory 130 may include the volatile memory 132 or thenon-volatile memory 134.

The program 140 may be stored in the memory 130 as software, and mayinclude, for example, an operating system (OS) 142, middleware 144, oran application 146.

The input device 150 may receive a command or data to be used by othercomponent (e.g., the processor 120) of the electronic device 101, fromthe outside (e.g., a user) of the electronic device 101. The inputdevice 150 may include, for example, a microphone, a mouse, a keyboard,or a digital pen (e.g., a stylus pen).

The sound output device 155 may output sound signals to the outside ofthe electronic device 101. The sound output device 155 may include, forexample, a speaker or a receiver. The speaker may be used for generalpurposes, such as playing multimedia or playing record, and the receivermay be used for an incoming calls. According to an embodiment, thereceiver may be implemented as separate from, or as part of the speaker.

The display device 160 may visually provide information to the outside(e.g., a user) of the electronic device 101. The display device 160 mayinclude, for example, a display, a hologram device, or a projector andcontrol circuitry to control a corresponding one of the display,hologram device, and projector. According to an embodiment, the displaydevice 160 may include touch circuitry adapted to detect a touch, orsensor circuitry (e.g., a pressure sensor) adapted to measure theintensity of force incurred by the touch.

The audio module 170 may convert a sound into an electrical signal andvice versa. According to an embodiment, the audio module 170 may obtainthe sound via the input device 150, or output the sound via the soundoutput device 155 or a headphone of an external electronic device (e.g.,an electronic device 102) directly (e.g., wiredly) or wirelessly coupledwith the electronic device 101.

The sensor module 176 may detect an operational state (e.g., power ortemperature) of the electronic device 101 or an environmental state(e.g., a state of a user) external to the electronic device 101, andthen generate an electrical signal or data value corresponding to thedetected state. According to an embodiment, the sensor module 176 mayinclude, for example, a gesture sensor, a gyro sensor, an atmosphericpressure sensor, a magnetic sensor, an acceleration sensor, a gripsensor, a proximity sensor, a color sensor, an infrared (IR) sensor, abiometric sensor, a temperature sensor, a humidity sensor, or anilluminance sensor.

The interface 177 may support one or more specified protocols to be usedfor the electronic device 101 to be coupled with the external electronicdevice (e.g., the electronic device 102) directly (e.g., wiredly) orwirelessly. According to an embodiment, the interface 177 may include,for example, a high definition multimedia interface (HDMI), a universalserial bus (USB) interface, a secure digital (SD) card interface, or anaudio interface.

A connecting terminal 178 may include a connector via which theelectronic device 101 may be physically connected with the externalelectronic device (e.g., the electronic device 102). According to anembodiment, the connecting terminal 178 may include, for example, a HDMIconnector, a USB connector, a SD card connector, or an audio connector(e.g., a headphone connector).

The haptic module 179 may convert an electrical signal into a mechanicalstimulus (e.g., a vibration or a movement) or electrical stimulus whichmay be recognized by a user via his tactile sensation or kinestheticsensation. According to an embodiment, the haptic module 179 mayinclude, for example, a motor, a piezoelectric element, or an electricstimulator.

The camera module 180 may capture a still image or moving images.According to an embodiment, the camera module 180 may include one ormore lenses, image sensors, image signal processors, or flashes.

The power management module 188 may manage power supplied to theelectronic device 101. According to one embodiment, the power managementmodule 188 may be implemented as at least part of, for example, a powermanagement integrated circuit (PMIC).

The battery 189 may supply power to at least one component of theelectronic device 101. According to an embodiment, the battery 189 mayinclude, for example, a primary cell which is not rechargeable, asecondary cell which is rechargeable, or a fuel cell.

The communication module 190 may support establishing a direct (e.g.,wired) communication channel or a wireless communication channel betweenthe electronic device 101 and the external electronic device (e.g., theelectronic device 102, the electronic device 104, or the server 108) andperforming communication via the established communication channel. Thecommunication module 190 may include one or more communicationprocessors that are operable independently from the processor 120 (e.g.,the application processor (AP)) and supports a direct (e.g., wired)communication or a wireless communication. According to an embodiment,the communication module 190 may include a wireless communication module192 (e.g., a cellular communication module, a short-range wirelesscommunication module, or a global navigation satellite system (GNSS)communication module) or a wired communication module 194 (e.g., a localarea network (LAN) communication module or a power line communication(PLC) module). A corresponding one of these communication modules maycommunicate with the external electronic device via the first network198 (e.g., a short-range communication network, such as Bluetooth™,wireless-fidelity (Wi-Fi) direct, or infrared data association (IrDA))or the second network 199 (e.g., a long-range communication network,such as a cellular network, the Internet, or a computer network (e.g.,LAN or wide area network (WAN)). These various types of communicationmodules may be implemented as a single component (e.g., a single chip),or may be implemented as multi components (e.g., multi chips) separatefrom each other. The wireless communication module 192 may identify andauthenticate the electronic device 101 in a communication network, suchas the first network 198 or the second network 199, using subscriberinformation (e.g., international mobile subscriber identity (IMSI))stored in the subscriber identification module 196.

The antenna module 197 may transmit or receive a signal or power to orfrom the outside (e.g., the external electronic device) of theelectronic device 101. According to an embodiment, the antenna module197 may include an antenna including a radiating element composed of aconductive material or a conductive pattern formed in or on a substrate(e.g., PCB). According to an embodiment, the antenna module 197 mayinclude a plurality of antennas. In such a case, at least one antennaappropriate for a communication scheme used in the communicationnetwork, such as the first network 198 or the second network 199, may beselected, for example, by the communication module 190 (e.g., thewireless communication module 192) from the plurality of antennas. Thesignal or the power may then be transmitted or received between thecommunication module 190 and the external electronic device via theselected at least one antenna. According to an embodiment, anothercomponent (e.g., a radio frequency integrated circuit (RFIC)) other thanthe radiating element may be additionally formed as part of the antennamodule 197.

At least some of the above-described components may be coupled mutuallyand communicate signals (e.g., commands or data) therebetween via aninter-peripheral communication scheme (e.g., a bus, general purposeinput and output (GPIO), serial peripheral interface (SPI), or mobileindustry processor interface (MIPI)).

According to an embodiment, commands or data may be transmitted orreceived between the electronic device 101 and the external electronicdevice 104 via the server 108 coupled with the second network 199. Eachof the electronic devices 102 and 104 may be a device of a same type as,or a different type, from the electronic device 101. According to anembodiment, all or some of operations to be executed at the electronicdevice 101 may be executed at one or more of the external electronicdevices 102, 104, or 108. For example, if the electronic device 101should perform a function or a service automatically, or in response toa request from a user or another device, the electronic device 101,instead of, or in addition to, executing the function or the service,may request the one or more external electronic devices to perform atleast part of the function or the service. The one or more externalelectronic devices receiving the request may perform the at least partof the function or the service requested, or an additional function oran additional service related to the request, and transfer an outcome ofthe performing to the electronic device 101. The electronic device 101may provide the outcome, with or without further processing of theoutcome, as at least part of a reply to the request. To that end, acloud computing, distributed computing, or client-server computingtechnology may be used, for example.

FIG. 2A is a diagram illustrating a configuration of partitions includedin a memory of an electronic device according to an embodiment. FIG. 2Bis a diagram illustrating components included in a processor of anelectronic device according to an embodiment. FIG. 3 is a diagramillustrating an example of folders included in partitions of FIG. 2A.FIG. 4 is a diagram illustrating an example of files included in a firstkey storage folder and a first key backup folder corresponding to thefirst data folder of FIG. 3. FIG. 5A is a diagram illustrating anexample of a process in which the first integrity file of FIG. 4 isgenerated. FIG. 5B is a diagram illustrating another example of aprocess in which the first integrity file of FIG. 4 is generated.

Referring to FIGS. 2A to 5B, the memory 130 may include a data partition210 (e.g., /data) for storing user data, a key storage partition 220(e.g., /keydata) for storing an encryption key corresponding to the userdata, and a key backup partition 230 (e.g., /keyrefuge) for storing abackup encryption key by backing up the encryption key. For example, theprocessor 120 (e.g., the processor 120) of the electronic device 101(e.g., the electronic device 101) may load the operating system 142(e.g., the operating system 142) at boot time. The processor 120 maygenerate the data partition 210, the key storage partition 220, and thekey backup partition 230 in the memory 130 through the operating system142 at the first boot time (e.g., the first use of an electronic deviceafter user purchase or the first boot after the initialization of theelectronic device). A series of operations associated with partitions,folders, and files described later may be performed through theoperating system 142 executed by the processor 120.

According to an embodiment, a plurality of folders (or folder group)(e.g., non-encrypted (NE), global device encrypted (DE), user DE,credential encrypted (user CE)) may be generated in the data partition210. For example, first to fourth data folders 211, 212, 213, and 214may be generated in the data partition 210. For example, the first tothird data folders 211, 212, and 213 may be managed by encryption, andthe fourth data folder 214 (e.g., NE) may be managed without encryption.However, the number of data folders included in the data partition 210is not limited thereto. The number of data folders included in the datapartition 210 is exemplary, and the data partition 210 may include atleast one data folder.

According to an embodiment, files associated with the operation of theelectronic device may be stored in the first data folder 211 (e.g.,global DE). Files associated with user information may be stored insecond and third data folders 212 and 213. Files (e.g., images, videos,or documents) stored by the user may be stored in the second data folder212 (e.g., user DE). Files associated with user security (e.g.,credential file (e.g., pin, pattern, or lock)) may be stored in thethird data folder 213 (e.g., user CE). According to various embodiments,when the electronic device is used by a plurality of users, the secondand third data folders 212 and 213 may be generated for each user. Forexample, the second and third data folders 212 and 213 respectivelycorresponding to a plurality of users (e.g., a first user and a seconduser) such as the first user's DE folder, the first user's CE folder,the second user's DE folder, and the second user's CE folder may begenerated in the data partition 210. In various embodiments, the thirddata folder 213 may be generated as a sub-folder of the second datafolder 212.

According to an embodiment, first to third key storage folders 221, 222,and 223 corresponding to the first to third data folders 211, 212, and213 may be generated in the key storage partition 220. For example, afirst encryption key corresponding to at least one file stored in thefirst data folder 211 may be stored in the first key storage folder 221.The first encryption key may include key files (e.g., version, rot,keymaster_key_blob, or encrypted_key). The second encryption keycorresponding to at least one file stored in the second data folder 212may be stored in the second key storage folder 222. The secondencryption key may include key files (e.g., version, keymaster_key_blob,or encrypted_key). The third encryption key corresponding to at leastone file stored in the third data folder 213 may be stored in the thirdkey storage folder 223. The third encryption key may include key files(e.g., version, salt, keymaster_key_blob, or encrypted_key).

According to an embodiment, first to third key backup folders 231, 232,and 233 corresponding to the first to third key storage folders 221,222, and 223 may be generated in the key backup partition 230. Forexample, the first backup encryption key the same as the firstencryption key stored in the first key storage folder 221 may be storedin the first key backup folder 231. The first backup encryption key mayinclude the same key files (e.g., version, rot, keymaster_key_blob, orencrypted_key) as the first encryption key. The second backup encryptionkey the same as the second encryption key stored in the second keystorage folder 222 may be stored in the second key backup folder 232.The second backup encryption key may include the same key files (e.g.,version, keymaster_key_blob, or encrypted_key) as the second encryptionkey. The third backup encryption key the same as the third encryptionkey stored in the third key storage folder 223 may be stored in thethird key backup folder 233. The third backup encryption key may includethe same key files (e.g., version, salt, keymaster_key_blob, orencrypted_key) as the third encryption key. In various embodiments, thefirst integrity file 411 including the checksum of the first encryptionkey may be stored in the first key backup folder 231. A second integrityfile including the checksum of the second encryption key may be storedin the second key backup folder 232. A third integrity file includingthe checksum of the third encryption key may be stored in the third keybackup folder 233.

Referring to FIG. 4, as an embodiment, at least one data file may bestored in the first data folder 211. For example, a single data file(e.g., a first data file 311) may be stored in the first data folder211. Alternatively, a plurality of data files (e.g., first to fourthdata files 311, 312, 313, and 314) may be stored in the first datafolder 211. The first encryption key (e.g., first to third key files321, 322, and 323) stored in the first key storage folder 221 may begenerated based on data files (e.g., at least one of the first to fourthdata files 311, 312, 313, and 314) stored in the first data folder 211.The same first backup encryption key (e.g., first to third key backupfiles 331, 332, and 333) as the first encryption key may be backed upand stored in the first key backup folder 231. Besides, the firstintegrity file 411 including the checksum of the first encryption keymay be stored in the first key backup folder 231. In variousembodiments, the second encryption key or the third encryption keystored in the second key storage folder 222 or the third key storagefolder 223 may be generated and stored in the manner the same as orsimilar to the first encryption key stored in the first key storagefolder 221. Furthermore, the second backup encryption key or the thirdbackup encryption key stored in the second key backup folder 232 or thethird key backup folder 233 may be generated and stored in the mannerthe same as or similar to the first backup encryption key stored in thefirst key backup folder 231. In various embodiments, the firstencryption key may include the first to third key files 321, 322, and323. However, this is exemplary, and the number of key files included inthe first encryption key is not limited thereto. The first encryptionkey may include at least one key file. In various embodiments, thenumber or content of key files included in the first encryption key maybe the same or different from the number or content of key filesincluded in the second encryption key or the third encryption key.

According to an embodiment, the first integrity file 411 may begenerated by re-encrypting the first encryption key (e.g., the first tothird key files 321, 322, and 323). For example, referring to FIG. 5A,the processor 120 of the electronic device 101 may calculate checksums(e.g., first to third sub checksums 511, 512, and 513) of the respectivefirst to third key files 321, 322, and 323 (e.g., a first encryptionoperation 510). The processor 120 may calculate a checksum 521 of thefirst to third sub checksums 511, 512, and 513 (e.g., a secondencryption operation 520). The processor 120 may store the firstintegrity file 411 including the checksum 521 in the first key backupfolder 231 of the key backup partition 230. For example, the firstencryption operation 510 and the second encryption operation 520 may beimplemented using an encryption hash function (e.g., the secure hashalgorithm) or various encryption algorithms (e.g., Merkle tree). Invarious embodiments, the second integrity file stored in the second keybackup folder 232 or the third integrity file stored in the third keybackup folder 233 may be generated in the manner the same as or similarto the first integrity file 411.

According to various embodiments, sub checksums may be generated inunits of file fragments, not file units. For example, referring to FIG.5B, the processor 120 of the electronic device 101 may divide the firstto third key files 321, 322, and 323 into file fragments (e.g., first tofourth file fragments 531, 532, 533, and 534) of a specified size (e.g.,4 KB). The processor 120 may calculate checksums (e.g., the first tofourth sub checksums 511, 512, 513, and 514) based on the first tofourth file fragments 531, 532, 533, and 534 (e.g., the first encryptionoperation 510). The processor 120 may calculate the checksum 521 of thefirst to fourth sub checksums 511, 512, 513, and 514 (e.g., the secondencryption operation 520).

According to various embodiments, the processor 120 of the electronicdevice 101 may include a key backup storage unit 240, an integrity checkunit 250, and a key recovery unit 260. For example, referring to FIG.2B, the key backup storage unit 240, the integrity check unit 250, andthe key recovery unit 260 may be implemented with hardware in a part ofthe processor 120. Alternatively, the key backup storage unit 240, theintegrity check unit 250, and the key recovery unit 260 may be stored inthe memory 130 as software; the processor 120 may execute the key backupstorage unit 240, the integrity check unit 250, and the key recoveryunit 260. Alternatively, the key backup storage unit 240, the integritycheck unit 250, and the key recovery unit 260 may be implemented withthe combination of hardware and software. The processor 120 may performthe operations of FIGS. 6 to 14 described below through the key backupstorage unit 240, the integrity check unit 250, and the key recoveryunit 260.

According to various embodiments, the key backup storage unit 240 mayback up the encryption key stored in the key storage partition 220 inthe key backup partition 230. For example, in an operation of satisfyingthe specified conditions (e.g., at the first boot time, when a new useris registered, or when the content of a data folder is changed), the keybackup storage unit 240 may generate a new encryption key and may storethe encryption key generated in the key storage partition 220. Forexample, the key backup storage unit 240 may generate a first encryptionkey (e.g., the first to third key files 321, 322, and 323) correspondingto the first data folder 211 and may store the first encryption key inthe first key storage folder 221. Likewise, the key backup storage unit240 may generate a second encryption key corresponding to the seconddata folder 212 to store the second encryption key in the second keystorage folder 222 and may generate a third encryption key correspondingto the third data folder 213 to store the third encryption key in thethird key storage folder 223.

In addition, as an embodiment, the key backup storage unit 240 may backup the encryption key stored in the key storage partition 220 in the keybackup partition 230. For example, the key backup storage unit 240 maystore the first backup encryption key (e.g., the first to third keybackup files 331, 332, and 333), which is the same as the firstencryption key, in the first key backup folder 231. Likewise, the keybackup storage unit 240 may store the second backup encryption key,which is the same as the second encryption key, in the second key backupfolder 232 and may store the third backup encryption key, which is thesame as the third encryption key, in the third key backup folder 233.

Furthermore, in an embodiment, the key backup storage unit 240 maygenerate an integrity file corresponding to the encryption key and maystore the integrity file in the key backup partition 230. For example,the key backup storage unit 240 may generate the first integrity file411 based on the first encryption key (e.g., the first to third keyfiles 321, 322, and 323). For example, using the method of FIG. 5A, thekey backup storage unit 240 may calculate the sub checksums 511, 512,and 513 of the respective first to third key files 321, 322, and 323 andmay calculate the checksum 521 of the sub checksums 511, 512, and 513again to generate the first integrity file 411 including the checksum521. Alternatively, using the method of FIG. 5B, the key backup storageunit 240 may calculate the sub checksums 511, 512, 513, and 514 of therespective first to fourth file fragments 531, 532, 533, and 534obtained by dividing the first to third key files 321, 322, and 323 intoa specified size (e.g., 4 KB) and may calculate the checksum 521 of thesub checksums 511, 512, 513, and 514 again to generate the firstintegrity file 411 including the checksum 521. The key backup storageunit 240 may store the generated first integrity file 411 together withthe first to third key backup files 331, 332, and 333 in the first keybackup folder 231. Likewise, the key backup storage unit 240 may storethe second integrity file generated based on the second encryption keyin the second key backup folder 232 and may store the third integrityfile generated based on the third encryption key in the third key backupfolder 233.

According to various embodiments, when a specified condition occurs(e.g., the decryption error of one of the first to third data folders211, 212, and 213), the integrity check unit 250 may determine whetherthe encryption key is recoverable, by determining the integrity of theencryption key or the backup encryption key. For example, the processor120 may decrypt the first data folder 211 to read out data (e.g., files)stored in the first data folder 211, using the first encryption key(hereinafter a first current encryption key) stored in the first keystorage folder 221 during a specified operation (e.g., at boot time). Atthis time, when the decryption error of the first data folder 211occurs, the integrity check unit 250 may determine whether the firstcurrent encryption key is corrupted, using the first integrity file 411stored in the first key backup folder 231. The method of determiningwhether the first current encryption key is corrupted will be describedin detail in FIG. 11 to be described later. When the first currentencryption key is normal, the processor 120 may perform the decryptionoperation of the first data folder 211 again. When the first currentencryption key is corrupted, the integrity check unit 250 may determinewhether the first current encryption key is recoverable, using the firstbackup encryption key and the first integrity file 411 that are storedin the first key backup folder 231. A method of determining whether thefirst current encryption key is recoverable will be described in detailin FIG. 12 described later. Likewise, the integrity check unit 250 maydetermine whether the second encryption key or the third encryption keyis corrupted or recoverable, during a specified operation (e.g., at boottime or when users are switched).

According to various embodiments, when the recovery of the currentencryption key is possible, the key recovery unit 260 may recover thecurrent encryption key. For example, the key recovery unit 260 mayreplace the current encryption key (e.g., the first encryption keystored in the first key storage folder 221, the second encryption keystored in the second key storage folder 222, or the third encryption keystored in third key storage folder 223) stored in the key storagepartition 220 with a backup encryption key (e.g., the first backupencryption key stored in the first key backup folder 231, the secondbackup encryption key stored in the second key backup folder 232, or thethird backup encryption key stored in the third key backup folder 233)stored in the key backup partition 230. For example, the key recoveryunit 260 may delete the first encryption key from the first key storagefolder 221 and may store the first backup encryption key in the firstkey storage folder 221. The key recovery unit 260 may delete the secondencryption key from the second key storage folder 222 and may store thesecond backup encryption key in the second key storage folder 222. Thekey recovery unit 260 may delete the third encryption key from the thirdkey storage folder 223 and may store the third backup encryption key inthe third key storage folder 223.

As described above, the processor 120 may store the encryption key(e.g., the first encryption key, the second encryption key, or the thirdencryption key) corresponding to the data folder (e.g., the first tothird data folders 211, 212, and 213) in the key storage folder (e.g.,the first to third key storage folders 221, 222, and 223) of the keystorage partition 220 that is a region separated from the data partition210. Accordingly, the corruption of the encryption key due to thefrequent input/output of the data folder may be prevented. In variousembodiments, the processor 120 may store a backup (e.g., a backupencryption key) of the encryption key in the key backup partition 230that is a region separated from the key storage partition 220.Furthermore, the processor 120 may store the integrity file, which isobtained by encrypting the encryption key in duplicate, in the keybackup partition 230. The processor 120 may determine whether theencryption key is corrupted and recoverable, using an integrity file andthen may perform self-recover on the encryption key, using a backupencryption key. When self-recovery is capable of being normallyperformed on the encryption key, the data folder may be decryptednormally through the recovered encryption key, thereby preventing theloss of user data.

FIG. 6 is a flowchart illustrating a boot operation of an electronicdevice according to an embodiment. FIG. 7 is a flowchart illustrating anexample of an operation of generating a key storage folder and a keybackup folder corresponding to A1 and A2 of FIG. 6. FIG. 8 is aflowchart illustrating an example of an integrity verification operationof a first encryption key corresponding to B1 and B2 of FIG. 6. FIG. 9is a flowchart illustrating an example of an integrity verificationoperation of a second encryption key corresponding to C1 and C2 of FIG.6. FIG. 10 is a flowchart illustrating an example of an integrityverification operation of a third encryption key corresponding to D1 andD2 of FIG. 6.

Referring to FIGS. 6 to 10, at boot time, the processor (e.g., theprocessor 120) of an electronic device (e.g., the electronic device 101)may verify the integrity of the first to third encryption keys stored inthe first to third key storage folders 221, 222, and 223 of FIG. 3 andmay perform self-recovery when there is an error in the first to thirdencryption keys.

According to an embodiment, in operation 605, the processor may mountfiles stored in the data partition 210 of FIG. 3 at boot time. Inoperation 610, the processor may determine whether the electronic deviceis first booted up (e.g., the first use of an electronic device after auser purchases the electronic device or the first boot after theinitialization of the electronic device). When a boot is the first boot,after the movement to A1 node, the processor may perform the encryptionkey generation operation of FIG. 7. When the boot is not the first boot,the processor may perform operation 615.

According to an embodiment, when it is determined in operation 610 thatthe boot is the first boot, the processor (e.g., the key backup storageunit 240 of FIG. 2B) may perform operation 705 to operation 750 of FIG.7. Referring to FIG. 7, in operation 705, the processor may generate thefirst key storage folder 221 in the key storage partition 220 of FIG. 3and may generate a first encryption key (e.g., the first to third keyfiles 321, 322, and 323 in FIG. 4) corresponding to files (e.g., atleast one of the first to fourth data files 311, 312, 313, and 314 inFIG. 4) stored in the first data folder 211 (e.g., global DE) of FIG. 3to store the first encryption key in the first key storage folder 221.In operation 715, the processor may generate the first key backup folder231 in the key backup partition 230 of FIG. 3 and may back up (or store)the same first backup encryption key (e.g., the first to third keybackup files 331, 332, and 333 in FIG. 4) as the first encryption key,in the first key backup folder 231. In operation 720, the processor maystore the first integrity file (e.g., the first integrity file 411 ofFIG. 4) obtained by re-encrypting the first encryption key, in the firstkey backup folder 231. The first integrity file may be generated throughthe encryption method of FIG. 5A or 5B.

According to an embodiment, in operation 725, the processor may generatethe second key storage folder 222 in the key storage partition 220 andmay generate a second encryption key corresponding to files stored inthe second data folder 212 (e.g., user DE) to store the secondencryption key in the second key storage folder 222. In operation 730,the processor may generate the second key backup folder 232 in the keybackup partition 230 and may back up (or store) the second backupencryption key, which is the same as the second encryption key, in thesecond key backup folder 232. In operation 735, the processor may storethe second integrity file obtained by re-encrypting the secondencryption key, in the second key backup folder 232. The secondintegrity file may be generated through the encryption method of FIG. 5Aor 5B.

According to an embodiment, in operation 740, the processor may generatethe third key storage folder 223 in the key storage partition 220 andmay generate a third encryption key corresponding to files stored in thethird data folder 213 (e.g., user CE) to store the third encryption keyin the third key storage folder 223. In operation 745, the processor maygenerate the third key backup folder 233 in the key backup partition 230and may back up (or store) the third backup encryption key, which is thesame as the third encryption key, in the third key backup folder 233. Inoperation 750, the processor may store the third integrity file obtainedby re-encrypting the third encryption key, in the third key backupfolder 233. The third integrity file may be generated through theencryption method of FIG. 5A or 5B. In various embodiments, the thirdkey storage folder 223 may be generated in the sub-folder of the secondkey storage folder 222. Besides, the third key backup folder 233 may begenerated in the sub-folder of the second key backup folder 232.

According to various embodiments, when there are a plurality of users,operation 725 to operation 750 may be repeatedly performed as many asthe number of users. After operation 705 to operation 750 may beperformed, the processor may perform operation 615 of FIG. 6.

According to an embodiment, in operation 615, the processor maydetermine whether the files stored in the first data folder 211 arecapable of being decrypted. For example, the processor may perform adecryption operation of files stored in the first data folder 211, usinga first encryption key stored in the first key storage folder 221. Whenthe files stored in the first data folder 211 are completely decrypted,the processor may perform operation 620. When an error occurs during thedecryption operation, after the movement to B1 node, the processor mayperform an integrity check operation on the first encryption key in FIG.8.

According to an embodiment, when an error occurs during the decryptionoperation on the files stored in the first data folder 211 in operation615, the processor may perform operation 810 to operation 840 of FIG. 8.Referring to FIG. 8, in operation 810, the processor (e.g., theintegrity check unit 250 of FIG. 2B) may determine whether there is anerror in the first current encryption key used in operation 615. Forexample, the processor may calculate the current checksum of the firstcurrent encryption key, using the method of FIG. 5A or 5B. The processormay compare the current checksum with the first integrity file 411pre-stored in the first key backup folder 231. When the current checksumis the same as the first integrity file 411, the processor may determinethat there is no error in the first current encryption key and mayperform operation 615 of FIG. 6 again after the movement to B2 node.When the current checksum is different from the first integrity file411, the processor may determine that there is an error in the firstcurrent encryption key and may perform operation 820.

According to an embodiment, in operation 820, the processor (e.g., theintegrity check unit 250 of FIG. 2B) may determine whether the firstcurrent encryption key is recoverable. For example, the processor maycalculate the backup checksum of the first backup encryption key storedin the first key backup folder 231, using the method of FIG. 5A or 5B.The processor may compare the backup checksum with the first integrityfile 411 stored in the first key backup folder 231. When the backupchecksum is the same as the first integrity file 411, the processor maydetermine that the first current encryption key is recoverable and mayperform operation 830. When the backup checksum is different from thefirst integrity file 411, the processor may determine that the firstcurrent encryption key is irrecoverable; in operation 840, the processormay display the content indicating that the electronic device is beinginitialized, through a display device (e.g., the display device 160).

According to an embodiment, when the backup checksum is the same as thefirst integrity file 411, in operation 830, the processor (e.g., the keyrecovery unit 260 of FIG. 2B) may recover the first current encryptionkey, using the first backup encryption key. For example, the processormay delete the first current encryption key and may store the firstbackup encryption key in the first key storage folder 221. After themovement to B2 node, the processor may perform operation 615 of FIG. 6again, using a new first encryption key (e.g., the first backupencryption key).

According to an embodiment, after the first data folder 211 is decryptedin operation 615, the processor may determine whether the files storedin the second data folder 212 are capable of being decrypted. Forexample, the processor may perform a decryption operation of filesstored in the second data folder 212, using a second encryption keystored in the second key storage folder 222. When the files stored inthe second data folder 212 are completely decrypted, the processor mayperform operation 625. When an error occurs during the decryptionoperation, after the movement to C1 node, the processor may perform anintegrity check operation on the second encryption key in FIG. 9.

According to an embodiment, when an error occurs during the decryptionoperation on the files stored in the second data folder 212 in operation620, the processor may perform operation 910 to operation 940 of FIG. 9.Referring to FIG. 9, in operation 910, the processor (e.g., theintegrity check unit 250 of FIG. 2B) may determine whether there is anerror in the second current encryption key used in operation 620. Forexample, the processor may calculate the current checksum of the secondcurrent encryption key, using the method of FIG. 5A or 5B. The processormay compare the current checksum with the second integrity filepre-stored in the second key backup folder 232. When the currentchecksum is the same as the second integrity file, the processor maydetermine that there is no error in the second current encryption keyand may perform operation 620 of FIG. 6 again after the movement to C2node. When the current checksum is different from the second integrityfile, the processor may determine that there is an error in the secondcurrent encryption key and may perform operation 920.

According to an embodiment, in operation 920, the processor (e.g., theintegrity check unit 250 of FIG. 2B) may determine whether the secondcurrent encryption key is recoverable. For example, the processor maycalculate the backup checksum of the second backup encryption key storedin the second key backup folder 232, using the method of FIG. 5A or 5B.The processor may compare the backup checksum with the second integrityfile stored in the second key backup folder 232. When the backupchecksum is the same as the second integrity file, the processor maydetermine that the second current encryption key is recoverable and mayperform operation 930. When the backup checksum is different from thesecond integrity file, the processor may determine that the secondcurrent encryption key is irrecoverable; in operation 940, the processormay display the content indicating that the electronic device is beinginitialized, through a display device (e.g., the display device 160).

According to an embodiment, when the backup checksum is the same as thesecond integrity file, in operation 930, the processor (e.g., the keyrecovery unit 260 of FIG. 2B) may recover the second current encryptionkey, using the second backup encryption key. For example, the processormay delete the second current encryption key and may store the secondbackup encryption key in the second key storage folder 222. After themovement to C2 node, the processor may perform operation 620 of FIG. 6again, using a new second encryption key (e.g., the second backupencryption key).

According to an embodiment, after the second data folder 212 isdecrypted in operation 620, in operation 625, the processor may displaya lock screen (e.g., a numeric password input screen or a pattern inputscreen) through a display device (e.g., the display device 160). Inoperation 630, the processor may receive a user password (e.g., a pin ora pattern) and may compare the user password with the user password datastored in the third data folder 213 to unlock the lock screen. To obtainuser password data stored in the third data folder 213, in operation635, the processor may determine whether the third data folder 213 iscapable of being decrypted.

According to an embodiment, in operation 635, the processor maydetermine whether the files stored in the third data folder 213 arecapable of being decrypted. For example, the processor may perform adecryption operation of files stored in the third data folder 213, usinga third encryption key stored in the third key storage folder 223. Whenthe files stored in the third data folder 213 are completely decrypted,the processor may compare the user password data stored in the thirddata folder 213 with the user password received in operation 630 tounlock the lock screen and may terminate booting. When an error occursduring the decryption operation, after the movement to D1 node, theprocessor may perform an integrity check operation on the thirdencryption key in FIG. 10.

According to an embodiment, when an error occurs during the decryptionoperation on the files stored in the third data folder 213 in operation635, the processor may perform operation 1010 to operation 1040 of FIG.10. Referring to FIG. 10, in operation 1010, the processor (e.g., theintegrity check unit 250 of FIG. 2B) may determine whether there is anerror in the third current encryption key used in operation 635. Forexample, the processor may calculate the current checksum of the thirdcurrent encryption key, using the method of FIG. 5A or 5B. The processormay compare the current checksum with the third integrity filepre-stored in the third key backup folder 233. When the current checksumis the same as the third integrity file, the processor may determinethat there is no error in the third current encryption key and mayperform operation 635 of FIG. 6 again after the movement to D2 node.When the current checksum is different from the third integrity file,the processor may determine that there is an error in the third currentencryption key and may perform operation 1020.

According to an embodiment, in operation 1020, the processor (e.g., theintegrity check unit 250 of FIG. 2B) may determine whether the thirdcurrent encryption key is recoverable. For example, the processor maycalculate the backup checksum of the third backup encryption key storedin the third key backup folder 233, using the method of FIG. 5A or 5B.The processor may compare the backup checksum with the third integrityfile stored in the third key backup folder 233. When the backup checksumis the same as the third integrity file, the processor may determinethat the third current encryption key is recoverable and may performoperation 1030. When the backup checksum is different from the thirdintegrity file, the processor may determine that the third currentencryption key is irrecoverable; in operation 1040, the processor maydisplay the content indicating that the electronic device is beinginitialized, through a display device (e.g., the display device 160).

According to an embodiment, when the backup checksum is the same as thethird integrity file, in operation 1030, the processor (e.g., the keyrecovery unit 260 of FIG. 2B) may recover the third current encryptionkey, using the third backup encryption key. For example, the processormay delete the third current encryption key and may store the thirdbackup encryption key in the third key storage folder 223. After themovement to D2 node, the processor may perform operation 635 of FIG. 6again, using a new third encryption key (e.g., the third backupencryption key).

According to various embodiments, when there are a plurality of users,the processor may add an operation of selecting a user before operation620. In this case, the processor may perform operations 620 to operation635 on the second data folder 212 and the third data folder 213corresponding to the selected user.

According to various embodiments, encryption keys, backup encryptionkeys, or integrity files may be stored in the key storage partition 220or the key backup partition 230 in advance through at least one of theoperations of FIG. 7. In a state where encryption keys, backupencryption keys, or integrity files are stored in a memory (e.g., thememory 130), the processor may separately perform at least one ofoperations 615 to operation 635 of FIG. 6 during an operation ofsatisfying a specified condition (e.g., when an error occurs during thedecryption of a data folder).

As described above, the processor may determine whether the encryptionkey is corrupted and recoverable, using an integrity file through theoperations of FIGS. 8, 9, or 10 and then may perform self-recover on theencryption key, using a backup encryption key. When self-recovery iscapable of being normally performed on the encryption key, the datafolder may be decrypted normally through the recovered encryption key,thereby preventing the loss of user data.

FIG. 11 is a flowchart illustrating a method of determining integrity ofa current encryption key of an electronic device according to anembodiment. The integrity determining method of FIG. 11 may represent anexample of operation 810 of FIG. 8, operation 910 of FIG. 9, oroperation 1010 of FIG. 10. Referring to FIG. 11, when an error occursduring the decryption process of the data folder (e.g., one of the firstto third data folders 211, 212, and 213) of the data partition 210, theprocessor (e.g., the processor 120 or the integrity check unit 250) ofan electronic device (e.g., the electronic device 101) may performoperation 1110 to operation 1150.

According to an embodiment, in operation 1110, the processor may obtaina current checksum for a current encryption key (e.g., one of first tothird encryption keys) corresponding to the data folder. For example,the processor may calculate the current checksum through the method ofFIG. 5A or 5B.

According to an embodiment, in operation 1120, the processor may obtainan integrity file corresponding to the current encryption key. Forexample, when the encryption key corresponding to the data folder isgenerated, the integrity file may be generated through the method ofFIG. 5A or 5B and then may be stored in a key backup foldercorresponding to the data folder.

According to an embodiment, in operation 1130, the processor may comparethe current checksum with the integrity file. In operation 1140, whenthe current checksum is the same as the integrity file, the processormay determine that the current encryption key is normal (e.g., thecurrent encryption key remains in the same state as a state in the casewhere it is generated), and may perform the decryption operation (e.g.,operation 615, operation 620, and operation 635 of FIG. 6) of the datafolder again. In operation 1150, when the current checksum is differentfrom the integrity file, the processor may determine that the currentencryption key is corrupted, and may perform a recovery operation (seeFIG. 12) on the current encryption key.

FIG. 12 is a flowchart illustrating a method of determining whether acurrent encryption key of an electronic device is recoverable, accordingto an embodiment. A method of determining whether the current encryptionkey of FIG. 12 is recoverable may represent an example of operation 820of FIG. 8, operation 920 of FIG. 9, or operation 1020 of FIG. 10.Referring to FIGS. 11 and 12, in operation 1150 of FIG. 11, when it isdetermined that the current encryption key is corrupted, the processor(e.g., the processor 120 or the integrity check unit 250) of theelectronic device (e.g., the electronic device 101) may performoperation 1210 to operation 1250.

According to an embodiment, in operation 1210, the processor may obtaina backup checksum for a backup encryption key (e.g., one of the first tothird backup encryption keys) corresponding to the corrupted currentencryption key. For example, the processor may calculate the backupchecksum through the method of FIG. 5A or 5B.

According to an embodiment, in operation 1220, the processor may obtainan integrity file corresponding to the backup encryption key. Forexample, when the encryption key corresponding to the data folder isgenerated, the integrity file may be generated through the method ofFIG. 5A or 5B and then may be stored in a key backup foldercorresponding to the data folder.

According to an embodiment, in operation 1230, the processor may comparethe backup checksum with the integrity file. In operation 1240, when thebackup checksum is the same as the integrity file, the processor maydetermine that the damaged current encryption key is recoverable, andmay replace the corrupted current encryption key with the backupencryption key (or may delete the corrupted current encryption key fromthe key storage folder and may store the backup encryption key in thekey storage folder). In operation 1250, when the backup checksum isdifferent from the integrity file, the processor may determine that thecurrent encryption key is irrecoverable, and may display the contentindicating the initialization of the electronic device on a displaydevice (e.g., the display device 160). As described above, whenself-recovery is capable of being normally performed on the encryptionkey, the data folder may be decrypted normally through the recoveredencryption key, thereby preventing the loss of user data.

FIG. 13 is a flowchart illustrating a user switching operation of anelectronic device according to an embodiment. FIG. 14 is a flowchartillustrating an example of an operation of generating a key storagefolder and a key backup folder corresponding to A3 and A4 of FIG. 13.

Referring to FIG. 13, when a user is switched, the processor (e.g., theprocessor 120) of an electronic device (e.g., the electronic device 101)may verify the integrity of the second and third encryption keys storedin the second and third key storage folders 222 and 223 of FIG. 3 andmay perform self-recovery when there is an error in the second and thirdencryption keys. In FIG. 13, the electronic device may log-out of thefirst user and may perform log-in of the second user.

According to an embodiment, in operation 1305, the processor may switchthe state of the storage (e.g., the second and third data folders 212and 213 of FIG. 3 corresponding to the first user) of the logged-outfirst user into a locked state.

According to an embodiment, in operation 1310, the processor maydetermine whether the login is the first login for the second user. Whenthe login is not the first login of the second user, the processor mayperform operation 1315. When the login is the first login of the seconduser, the processor (e.g., the key backup storage unit 240 in FIG. 2B)may perform operation 1405 to operation 1430 in FIG. 14 after themovement to A3 node.

According to an embodiment, when the login is the first login of thesecond user, in operation 1405 to operation 1430, the processor maygenerate the encryption key, the key storage folder, and the key backupfolder (e.g., the second key storage folder 222, the third key storagefolder 223, the second key backup folder 232, and the third key backupfolder 233 of FIG. 3) for the second user. Because operation 1405 tooperation 1430 may be the same or similar to operation 725 to operation750 of FIG. 7, the detailed descriptions of operation 1405 to operation1430 may be omitted.

According to an embodiment, in operation 1315, the processor (e.g., theintegrity check unit 250 or the key recovery unit 260 of FIG. 2B) maydetermine whether the decryption of the second data folder (e.g., userDE or the second data folder 212 in FIG. 3) of the second user ispossible. For example, the processor may perform a decryption operationof files stored in the second data folder of the second user, using thesecond encryption key of the second user stored in the second keystorage folder (e.g., the second key storage folder 222) of the seconduser. When the files stored in the second data folder of the second userare completely decrypted, the processor may perform operation 1320. Whenan error occurs during the decryption operation, after the movement toC1 node, the processor may perform an integrity check operation on thesecond encryption key described in FIG. 9 (see FIG. 9).

According to an embodiment, after the second data folder of the seconduser is decrypted in operation 1315, in operation 1320, the processormay display a lock screen (e.g., a numeric password input screen or apattern input screen) through a display device (e.g., the display device160). In operation 1325, the processor may receive a user password(e.g., a pin or a pattern) for the second user and may unlock the lockscreen by comparing the user password with the user password data of thesecond user stored in the third data folder (e.g., user CE or the thirddata folder 213 in FIG. 3) of the second user. To obtain the userpassword data of the second user stored in the third data folder of thesecond user, in operation 1330, the processor may determine whether thedecryption of the third data folder of the second user is possible.

According to an embodiment, in operation 1330, the processor (e.g., theintegrity check unit 250 or the key recovery unit 260 of FIG. 2B) maydetermine whether the decryption of files stored in the third datafolder of the second user is possible. For example, the processor mayperform a decryption operation of files stored in the third data folderof the second user, using the third encryption key of the second userstored in the third key storage folder (e.g., the third key storagefolder 223) of the second user. When the files stored in the third datafolder of the second user are completely decrypted, the processor maycompare the user password data of the second user stored in the thirddata folder of the second user with the user password received inoperation 1325, may unlock the lock screen, and may terminate userswitching. When an error occurs during the decryption operation, afterthe movement to D1 node, the processor may perform an integrity checkoperation on the third encryption key in FIG. 10 (see FIG. 10).

According to various embodiments, encryption keys, backup encryptionkeys, or integrity files may be stored in the key storage partition 220or the key backup partition 230 in advance through at least one of theoperations of FIG. 14. In a state where encryption keys, backupencryption keys, or integrity files are stored in a memory (e.g., thememory 130), the processor may separately perform at least one ofoperations 1315 to operation 1330 of FIG. 13 during an operation ofsatisfying a specified condition (e.g., when an error occurs during thedecryption of a data folder).

The electronic device according to various embodiments may be one ofvarious types of electronic devices. The electronic devices may include,for example, a portable communication device (e.g., a smartphone), acomputer device, a portable multimedia device, a portable medicaldevice, a camera, a wearable device, or a home appliance. According toan embodiment of the disclosure, the electronic devices are not limitedto those described above.

It should be appreciated that various embodiments of the disclosure andthe terms used therein are not intended to limit the technologicalfeatures set forth herein to particular embodiments and include variouschanges, equivalents, or replacements for a corresponding embodiment.With regard to the description of the drawings, similar referencenumerals may be used to refer to similar or related elements. It is tobe understood that a singular form of a noun corresponding to an itemmay include one or more of the things, unless the relevant contextclearly indicates otherwise. As used herein, each of such phrases as “Aor B,” “at least one of A and B,” “at least one of A or B,” “A, B, orC,” “at least one of A, B, and C,” and “at least one of A, B, or C,” mayinclude any one of, or all possible combinations of the items enumeratedtogether in a corresponding one of the phrases. As used herein, suchterms as “1st” and “2nd,” or “first” and “second” may be used to simplydistinguish a corresponding component from another, and does not limitthe components in other aspect (e.g., importance or order). It is to beunderstood that if an element (e.g., a first element) is referred to,with or without the term “operatively” or “communicatively”, as “coupledwith,” “coupled to,” “connected with,” or “connected to” another element(e.g., a second element), it means that the element may be coupled withthe other element directly (e.g., wiredly), wirelessly, or via a thirdelement.

As used herein, the term “module” may include a unit implemented inhardware, software, or firmware, and may interchangeably be used withother terms, for example, “logic,” “logic block,” “part,” or“circuitry”. A module may be a single integral component, or a minimumunit or part thereof, adapted to perform one or more functions. Forexample, according to an embodiment, the module may be implemented in aform of an application-specific integrated circuit (ASIC).

Various embodiments as set forth herein may be implemented as software(e.g., the program 140) including one or more instructions that arestored in a storage medium (e.g., internal memory 136 or external memory138) that is readable by a machine (e.g., the electronic device 101).For example, a processor (e.g., the processor 120) of the machine (e.g.,the electronic device 101) may invoke at least one of the one or moreinstructions stored in the storage medium, and execute it, with orwithout using one or more other components under the control of theprocessor. This allows the machine to be operated to perform at leastone function according to the at least one instruction invoked. The oneor more instructions may include a code generated by a compiler or acode executable by an interpreter. The machine-readable storage mediummay be provided in the form of a non-transitory storage medium. Wherein,the term “non-transitory” simply means that the storage medium is atangible device, and does not include a signal (e.g., an electromagneticwave), but this term does not differentiate between where data issemi-permanently stored in the storage medium and where the data istemporarily stored in the storage medium.

According to an embodiment, a method according to various embodiments ofthe disclosure may be included and provided in a computer programproduct. The computer program product may be traded as a product betweena seller and a buyer. The computer program product may be distributed inthe form of a machine-readable storage medium (e.g., compact disc readonly memory (CD-ROM)), or be distributed (e.g., downloaded or uploaded)online via an application store (e.g., PLAYSTORE), or between two userdevices (e.g., smart phones) directly. If distributed online, at leastpart of the computer program product may be temporarily generated or atleast temporarily stored in the machine-readable storage medium, such asmemory of the manufacturer's server, a server of the application store,or a relay server.

According to various embodiments, each component (e.g., a module or aprogram) of the above-described components may include a single entityor multiple entities. According to various embodiments, one or more ofthe above-described components may be omitted, or one or more othercomponents may be added. Alternatively or additionally, a plurality ofcomponents (e.g., modules or programs) may be integrated into a singlecomponent. In such a case, according to various embodiments, theintegrated component may still perform one or more functions of each ofthe plurality of components in the same or similar manner as they areperformed by a corresponding one of the plurality of components beforethe integration. According to various embodiments, operations performedby the module, the program, or another component may be carried outsequentially, in parallel, repeatedly, or heuristically, or one or moreof the operations may be executed in a different order or omitted, orone or more other operations may be added.

According to embodiments disclosed in the specification, the loss of theencryption key due to input/output of user data may be prevented bystoring encryption keys in a key storage partition different from a datapartition.

According to embodiments disclosed in the specification, self-recoveryis possible in case of corrupting an encryption key, by backing upencryption keys stored in a key storage partition in a key backuppartition.

According to embodiments disclosed in the specification, it is possibleto identify the integrity of the encryption keys stored in the keystorage partition or the backup encryption keys stored in the key backuppartition, using a small-sized integrity file obtained by re-encryptingthe encryption keys; besides, it is possible to determine whether theencryption keys are capable of being recovered.

According to embodiments disclosed in the specification, it is possibleto decrypt a data folder normally through the backup encryption key whenthe encryption key is corrupted due to a file system error.

According to embodiments disclosed in the specification, it is possibleto normally decrypt the data folder through the backup encryption keywhen a region where the encryption key of a memory is stored is damagedphysically.

Besides, a variety of effects directly or indirectly understood throughthe disclosure may be provided.

While the disclosure has been shown and described with reference tovarious embodiments thereof, it will be understood by those skilled inthe art that various changes in form and details may be made thereinwithout departing from the spirit and scope of the disclosure as definedby the appended claims and their equivalents.

Although the present disclosure has been described with variousembodiments, various changes and modifications may be suggested to oneskilled in the art. It is intended that the present disclosure encompasssuch changes and modifications as fall within the scope of the appendedclaims.

What is claimed is:
 1. An electronic device comprising: a memory inwhich a region is divided by a data partition, a key storage partition,and a key backup partition; and a processor operatively connected to thememory, wherein the processor is configured to: generate an encryptionkey with respect to at least one data folder generated in the datapartition to store the encryption key in the key storage partition;store a backup encryption key equal to the encryption key, in the keybackup partition; and store an integrity file including a checksum ofthe encryption key in the key backup partition.
 2. The electronic deviceof claim 1, wherein: the encryption key includes key files correspondingto the data folder, and the processor is further configured to:calculate sub checksums respectively corresponding to the key files;calculate a main checksum based on a sum of the sub checksums; andgenerate the integrity file based on the main checksum.
 3. Theelectronic device of claim 1, wherein the processor is furtherconfigured to: divide the encryption key into file fragments of aspecified size; calculate sub checksums respectively corresponding tothe file fragments; calculate a main checksum based on a sum of the subchecksums; and generate the integrity file based on the main checksum.4. The electronic device of claim 1, wherein the processor is furtherconfigured to: when an error occurs during decryption of the datafolder, calculate a current checksum of the encryption key; and comparethe current checksum with the integrity file to determine whether theencryption key is corrupted.
 5. The electronic device of claim 4,wherein the processor is further configured to: when the currentchecksum is equal to the integrity file, perform the decryption of thedata folder again, using the encryption key.
 6. The electronic device ofclaim 4, wherein the processor is further configured to: when thecurrent checksum is different from the integrity file, calculate abackup checksum of the backup encryption key; and compare the backupchecksum with the integrity file to determine whether the encryption keyis recoverable.
 7. The electronic device of claim 6, wherein theprocessor is further configured to: when the backup checksum is equal tothe integrity file, recover the encryption key, using the backupencryption key.
 8. The electronic device of claim 7, wherein theprocessor is further configured to: when the backup checksum isdifferent from the integrity file, determine that the encryption key isnot recoverable; and output a guidance of terminal initialization.
 9. Anelectronic device comprising: a memory in which a region is divided by adata partition, a key storage partition, and a key backup partition; anda processor operatively connected to the memory, wherein the datapartition includes: a first data folder in which files associated withdriving of the electronic device are stored; and a second data folder inwhich files associated with a user are stored, and wherein the processoris configured to: at a first boot time, generate a first encryption keycorresponding to the first data folder to store the first encryption keyin a first key storage folder of the key storage partition, store afirst integrity file including a first checksum calculated based on thefirst encryption key, in a first key backup folder of the key backuppartition, at the first boot time or when users are switched, generate asecond encryption key corresponding to the second data folder to storethe second encryption key in a second key storage folder of the keystorage partition, and store a second integrity file including a secondchecksum calculated based on the second encryption key, in a second keybackup folder of the key backup partition.
 10. The electronic device ofclaim 9, wherein the processor is further configured to: at the firstboot time, store a first backup encryption key equal to the firstencryption key in the first key backup folder; and at the first boottime or when the users are switched, store a second backup encryptionkey equal to the second encryption key in the second key backup folder.11. The electronic device of claim 10, wherein the processor is furtherconfigured to: when an error occurs upon decrypting the first datafolder, calculate a first current checksum of the first encryption key;and compare the first current checksum with the first integrity file.12. The electronic device of claim 11, wherein the processor is furtherconfigured to: when the first current checksum is equal to the firstintegrity file, perform a decryption operation of the first data folderagain, using the first encryption key.
 13. The electronic device ofclaim 12, wherein the processor is further configured to: when the firstcurrent checksum is different from the first integrity file, calculate afirst backup checksum of the first backup encryption key; and comparethe first backup checksum with the first integrity file.
 14. Theelectronic device of claim 13, wherein the processor is furtherconfigured to: when the first backup checksum is equal to the firstintegrity file, delete the first encryption key from the first keystorage folder; and store the first backup encryption key in the firstkey storage folder.
 15. The electronic device of claim 10, wherein: thedata partition includes a third data folder in which files associatedwith a user password are stored, and the processor is further configuredto: at the first boot time or when the users are switched, generate athird encryption key corresponding to the third data folder to store thethird encryption key in a third key storage folder of the key storagepartition; and store a third backup encryption key equal to the thirdencryption key in a third key backup folder; and store a third integrityfile including a third checksum calculated based on the third encryptionkey, in the third key backup folder of the key backup partition.
 16. Theelectronic device of claim 15, wherein the processor is furtherconfigured to: after a decryption operation of the first data folder andthe second data folder, display a lock screen on a display; and receivethe user password through an input device.
 17. The electronic device ofclaim 16, wherein the processor is further configured to: when an erroroccurs upon decrypting the third data folder, calculate a third currentchecksum of the third encryption key; and compare the third currentchecksum with the third integrity file.
 18. The electronic device ofclaim 17, wherein the processor is further configured to: when the thirdcurrent checksum is different from the third integrity file, calculate athird backup checksum of the third backup encryption key; and comparethe third backup checksum with the third integrity file.
 19. Theelectronic device of claim 18, wherein the processor is furtherconfigured to: when the third backup checksum is equal to the thirdintegrity file, delete the third encryption key from the third keystorage folder; and store the third backup encryption key in the thirdkey storage folder.
 20. The electronic device of claim 19, wherein theprocessor is further configured to: decrypt the third data folder, usingthe third backup encryption key; and determine whether to unlock thefirst data folder, the second data folder, and the third data folder,based on a comparison result of the user password received through theinput device and the user password stored in the third data folder.